
Exploits Against Endpoints on the Rise: Results of the SANS Threat Landscape Survey

Endpoints Continue To Be at Risk; Phishing and Ransomware on the Rise; New Approach Needed

  • Bethesda, MD, USA
  • August 3, 2016

Exploits against endpoints are on the rise and the damage associated with such compromises is growing, according to results of a new survey to be released by SANS Institute on August 11, 2016.

In it, survey respondents indicated that impactful threats enter organizational infrastructures through a number of means: 75% of respondents said that impactful threats had entered through email attachments, 46% said such threats also entered through users' browsers via malicious links, and 41% saw threats start at the browser with web drive-by downloads.

Such threats rely on the user and the security of his or her connected devices to initiate an attack, says SANS mentor instructor and survey author, Lee Neely.

"The perfect storm is upon us," says Neely, who teaches cyber security management and information security officer training at SANS. "Ransomware is on the rise, and its primary distribution mechanisms--phishing and web drive-bys--are at the top of the successful attack list."

Phishing, including spearphishing and whaling, combined with ransomware, make up the top significant-impact threats worldwide, with 68% indicating an increase in general phishing threats, 49% seeing an increase in ransomware, and 47% seeing increases in spearphishing and whaling (targeted phishing and phishing of company executives).

"Users and their endpoints are ground zero for the attackers trying to take over our systems and information," continues Neely. "The current threat landscape is showing the gaps in our defense mechanisms are ripe for exploit."

When asked how significant events got past their defenses, 48% of respondents indicated they were traced back to user error, 38% said they were caused by social engineering, and 37% attributed them to zero-day attacks. In addition, 39% of respondents reported that attacks evaded network security because their firewalls didn't detect the threat, and 37% said the same thing about their IDS/IPS systems.

"With the widespread adoption of mobile teleworkers and cloud-based services, the enterprise protection envelope needs to work beyond the perimeter to provide protections regardless of user or data location," concludes Neely. "It's time to move away from primary reliance on signature-based detection and move toward behavior-based threat detection and comprehensive whitelisting."

Full results will be shared during an August 11, 2016, webcast at 1 PM Eastern, sponsored by Check Point Technologies, Ltd, and hosted by SANS. Register to attend the webcast at

A second webcast on September 7 at 9:00 Eastern time revisits the survey with a look at the European results. Register to attend this webcast at

Those who register for either of the webcasts will also receive access to the published results paper developed by SANS mentor instructor and survey author, Lee Neely.

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 60 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates a practitioner’s qualifications via over 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system, the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community.